cve-2021-26404
Vulnerability from cvelistv5
Published
2023-01-10 20:56
Modified
2024-08-03 20:26
Severity ?
Summary
Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.
References
psirt@amd.comhttps://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032Vendor Advisory
Impacted products
AMD3rd Gen EPYC
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen EPYC",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-01-10T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.\u003cbr\u003e"
            }
          ],
          "value": "Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-11T07:01:59.843980Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1032",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26404",
    "datePublished": "2023-01-10T20:56:44.456Z",
    "dateReserved": "2021-01-29T21:24:26.170Z",
    "dateUpdated": "2024-08-03T20:26:25.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-26404\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2023-01-11T08:15:11.647\",\"lastModified\":\"2023-11-07T03:31:44.523\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.\\n\"},{\"lang\":\"es\",\"value\":\"La validaci\u00f3n de entrada y la verificaci\u00f3n de los l\u00edmites inadecuadas en el firmware SEV pueden perder bytes del b\u00fafer temporal, lo que puede provocar una posible divulgaci\u00f3n de informaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"1F43FE6B-1CE0-4C93-B457-385D60D0BC7E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7003:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C912AA31-FB2D-4BD9-B1BD-3C8D7EEE771C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"CED4A938-7B21-4DBE-945E-04FD76712CDD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B02B61B7-7DD3-4164-8D32-EB961E981BC9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"35BC64A9-A82B-4D1A-A070-541F429632FD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9000686A-DC2B-4561-9C32-E90890EB2EBA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"E2909C50-60B7-45A4-A597-B9B13A3136C6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71B9C24B-2C10-4826-A91B-E1C60665FBBE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"8C5F5AAD-06AB-4AE2-ADDF-C704278B1E63\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"180B3002-B3C5-48B5-8322-5B64B237C5B9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"8B13FA57-6D07-4461-B40C-227977EFB67F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"678C5F58-8AE9-46FF-8F01-4CF394C87A2C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"4D45D2D3-EACD-40A7-A2E4-3E4918C1AAFE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1766FF1-77A9-4293-B826-F6A8FBD7AFBF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"A9BBB5C7-942A-4B1D-9219-7D158D6B65E3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C474537-3006-41BA-8C3D-5C370E3ACECD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"9EA98910-C8B0-4449-A3AD-5C2356C917A8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E2B13CA-72F4-4CF6-9E12-62E6E9056A14\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"4A92937F-8BB5-4D63-A589-58BF847F06CA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"241E39FF-FE66-444C-A4C2-3D28C45341BE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7473x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"80D9BAD4-AA85-45C6-9246-089D8C4FB30F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7473x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D07E922F-C1AB-469C-A1C1-9F9E58332DFC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"5BB76635-870C-4304-B435-FFCD671FA882\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02D08121-DC57-47D7-8214-23A209F0AF08\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"7C0B8817-B424-4F8C-B6A0-8305C6317A65\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8264DF4-47B4-4716-AE89-44AFA870D385\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"661AC564-7A60-4E10-ADC3-964A04FBA896\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52544912-FAA3-4025-A5FD-151B21CEC53B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"5B7EB27B-1963-4057-9088-CBC6FBCD91F6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77A0A47B-74A1-4731-92A8-BC10FFE58ECF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"3B8ED95C-4703-4C83-B787-096FB2730CCA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7573x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"237FB33B-BF08-4E3E-8E83-EB0AD2F12A4B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"2499FB92-B422-4E92-960B-FB67B4C8108F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98E1D79D-0CB0-4FD9-8A82-27CDFBFE07B2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"69C1BF26-EE53-4D48-A4CB-FB04E3DE6697\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBF0AFED-588A-4EFB-8C90-9280BC3A6720\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"52B04F08-3447-4686-A965-65F8C7C64696\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DFCB62-6CDF-4AD2-9265-1887E5780CA5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"4F45D168-7370-454E-AA01-66A5F418AAFA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D698D3E-BB05-4C65-90F4-8DAE275CD6A4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"5B612010-419B-4F5C-8B00-C5BCE6B20EE3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2299ED50-B4D2-4BB3-AD87-56D552B84AE1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"964257EB-311C-4323-AE2C-4BD97FB21798\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F900BDD-F094-41A6-9A23-31F53DBA95D4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"milanpi-sp3_1.0.0.9\",\"matchCriteriaId\":\"816CE49A-4C18-4834-883B-2F19644C831D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:amd:epyc_7773x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D02B1C69-BAA4-485B-BE22-46BE321F9E4E\"}]}]}],\"references\":[{\"url\":\"https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032\",\"source\":\"psirt@amd.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.